From: Satavee <sa...@gm...> - 2012-02-26 12:51:28
Hi Pierre,

You're right. It works.

Next question: is there any command to let racoon/ipsec-tools support this overlapping?

Regards,
Satavee

On Feb 26, 2012, at 17:44, Pierre Christensen <pie...@fr...> wrote:

> Hi Satavee,
>
> It might be related to the fact that you have overlapping networks on both sides of your VPN tunnel.
> What I suspect is that the TCP/ICMP packet reaches your Linux router at 192.168.24.1, but the packet is then processed by the racoon daemon and the packet with destination IP 192.168.24.1 is then pushed into the VPN tunnel.
> Now I suspect that the packet is bounced between the two VPN tunnel extremities until the TTL is expired, or it will be dropped on the other side of your tunnel as src.IP is in a dst.network.
> It might be possible to check this if there is a way to make a tcpdump in the encrypted tunnel. I don't know if this is possible; can someone tell me a way to do that?
>
> An easy way of solving your issue might be to use a different network on the 192.168.24.0/24 side which will not be in the 192.16.0.0/16 range.
>
> Regards,
> Pierre
>
> On 26/02/12 07:52, Satavee wrote:
>>
>> Hi Stephen,
>>
>> I've tried your suggestion but my problem still exists.
>>
>>>> -------
>>>> note: router ip = 192.168.24.1/24 and my pc =192.168.24.2/24 gw
>>>> 192.168.24.1.
>>
>>> /sbin/ip route add 192.168.0.0/16 via 110.110.110.65 dev ethX src 192.168.24.1
>>
>> This static route is related to the right network. ===>>> but my problem is "I cannot ping and ssh from my PC (192.168.24.2) to the Linux router (192.168.24.1)....
>>
>> Again, I can transfer files btw 192.168.24.1 and 192.168.x.x.
>>
>> Regards,
>> Satavee
>>
>> On Feb 26, 2012, at 2:33, Stephen Clark <scl...@ea...> wrote:
>>
>>> On 02/24/2012 10:26 PM, Satavee wrote:
>>>>
>>>> Hi All,
>>>> I've installed ipsec-tools + racoon for a few weeks; currently IPsec is up, I
>>>> can send/receive data over the tunnel from both sides.
>>>>
>>>> My problem is, I can't access (ping & ssh) the Linux router after running
>>>> "setkey start".
>>>>
>>>> ----
>>>> root@Racoon:/etc# cat ipsec-tools.conf
>>>> #!/usr/sbin/setkey -f
>>>> # Flush SAD and SPD
>>>> flush;
>>>> spdflush;
>>>> spdadd 192.168.24.0/24 192.168.0.0/16 any -P out ipsec
>>>> esp/tunnel/110.110.110.65-112.112.112.95/unique;
>>>> spdadd 192.168.0.0/16 192.168.24.0/24 any -P in ipsec
>>>> esp/tunnel/112.112.112.95-110.110.110.65/unique;
>>>> -------
>>>> note: router ip = 192.168.24.1/24 and my pc =192.168.24.2/24 gw
>>>> 192.168.24.1
>>>>
>>>> root@Racoon:/etc/racoon# racoon -V
>>>> @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
>>>>
>>>> --
>>>>
>>>> Regards
>>>> Satavee
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Virtualization & Cloud Management Using Capacity Planning
>>>> Cloud computing makes use of virtualization - but cloud computing
>>>> also focuses on allowing computing to be delivered as a service.
>>>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>>>
>>>> _______________________________________________
>>>> Ipsec-tools-devel mailing list
>>>> Ips...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
>>>>
>>>
>>> /sbin/ip route add 192.168.0.0/16 via 110.110.110.65 dev ethX src 192.168.24.1
>>> --
>>>
>>> "They that give up essential liberty to obtain temporary safety,
>>> deserve neither liberty nor safety." (Ben Franklin)
>>>
>>> "The course of history shows that as a government grows, liberty
>>> decreases." (Thomas Jefferson)
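
An added example (not part of the thread and not ipsec-tools code): a check for the situation Pierre describes, where the local 192.168.24.0/24 selector lies inside the remote 192.168.0.0/16 selector, so traffic between the router and a host on its own LAN also matches the `out ipsec` policy. It parses `spdadd` statements in the setkey format Satavee posted; the function names are hypothetical, and policy ordering/priority is not modelled.

```python
import ipaddress
import re

# Constructed sample: the SPD entries quoted in the thread.
SAMPLE_CONF = """\
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.24.0/24 192.168.0.0/16 any -P out ipsec
    esp/tunnel/110.110.110.65-112.112.112.95/unique;
spdadd 192.168.0.0/16 192.168.24.0/24 any -P in ipsec
    esp/tunnel/112.112.112.95-110.110.110.65/unique;
"""

SPDADD = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out|fwd)\s+(ipsec|none|discard)\b")


def _net(selector):
    # Drop an optional "[port]" suffix before parsing the address range.
    return ipaddress.ip_network(selector.split("[")[0], strict=False)


def parse_policies(conf):
    """Return (src, dst, direction, action) for each spdadd statement."""
    body = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    policies = []
    for stmt in body.split(";"):  # setkey statements end with ';'
        m = SPDADD.search(" ".join(stmt.split()))
        if m:
            policies.append((_net(m.group(1)), _net(m.group(2)),
                             m.group(3), m.group(4)))
    return policies


def overlapping_policies(conf):
    """ipsec policies whose source and destination selectors share addresses."""
    return [p for p in parse_policies(conf)
            if p[3] == "ipsec" and p[0].overlaps(p[1])]


def is_tunnelled(conf, src_ip, dst_ip):
    """True if src_ip -> dst_ip matches any 'out ipsec' selector (no priorities)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(action == "ipsec" and direction == "out" and s in src and d in dst
               for src, dst, direction, action in parse_policies(conf))


if __name__ == "__main__":
    for src, dst, direction, _ in overlapping_policies(SAMPLE_CONF):
        print(f"overlap: {direction} {src} -> {dst}")
    # The router's reply to the LAN PC matches the tunnel policy:
    print(is_tunnelled(SAMPLE_CONF, "192.168.24.1", "192.168.24.2"))
```
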